Endpoint management system providing an application programming interface proxy service

ABSTRACT

An endpoint management and proxy system is described, by which users can manage and enable exposure of application programming interfaces (“APIs”) usable to cause execution of program code on a remote or third party system. Systems and methods are disclosed which facilitate the handling of user requests to perform certain tasks on remote systems. The endpoint management system allows the application developer to define and specify a first proxy API which maps to a second API associated with the remote system. The endpoint proxy system receives requests to execute the proxy API, determines the API mapping, and sends one or more backend API requests to execute program codes by the associated remote systems. Responses from the remote systems are received by the endpoint proxy system which parses and/or transforms the results associated with the response and generates an output result for response back to the user computing systems.

CROSS-REFERENCE TO OTHER APPLICATIONS

The present application's Applicant previously filed the following U.S. patent application on Sep. 30, 2014:

Application No. Title 14/502,992 THREADING AS A SERVICE

Further, the present application's Applicant is concurrently filing the following U.S. patent application on Apr. 8, 2015:

Attorney Docket No. Title SEAZN.1099A ENDPOINT MANAGEMENT SYSTEM AND VIRTUAL COMPUTE SYSTEM

The disclosures of the above-referenced applications are hereby incorporated by reference in their entireties.

BACKGROUND

Generally described, computing devices utilize a communication network, or a series of communication networks, to exchange data. Companies and organizations operate computer networks that interconnect a number of computing devices to support operations or provide services to third parties. The computing systems can be located in a single geographic location or located in multiple, distinct geographic locations (e.g., interconnected via private or public communication networks). Specifically, data centers or data processing centers, herein generally referred to as a “data center,” may include a number of interconnected computing systems to provide computing resources to users of the data center. The data centers may be private data centers operated on behalf of an organization or public data centers operated on behalf, or for the benefit of, the general public.

To facilitate increased utilization of data center resources, virtualization technologies may allow a single physical computing device to host one or more instances of virtual machines that appear and operate as independent computing devices to users of a data center. With virtualization, the single physical computing device can create, maintain, delete, or otherwise manage virtual machines in a dynamic manner. In turn, users can request computer resources from a data center, including single computing devices or a configuration of networked computing devices, and be provided with varying numbers of virtual machine resources.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing aspects and many of the attendant advantages of this disclosure will become more readily appreciated as the same become better understood by reference to the following detailed description, when taken in conjunction with the accompanying drawings, wherein:

FIG. 1 is a block diagram depicting an illustrative environment for providing an application programming interface proxy service using an endpoint management system, according to an example aspect.

FIG. 2 depicts a general architecture of a computing device which may be implemented to enable various features for various subsystems and units of the endpoint management system, according to an example aspect.

FIG. 3 depicts an example user interface which provides users with various endpoint management configuration options, according to an example aspect.

FIGS. 4A and 4B are flow diagrams illustrating an application programming interface proxy routine as implemented by an endpoint management system, according to an example aspect.

FIG. 5 is a block diagram illustrating an embodiment of a networked computing environment including a client computing device and a service provider computer network.

DETAILED DESCRIPTION

Generally described, aspects of the present disclosure describe an endpoint management system by which users, such as application developers, can manage and enable exposure of application programming interfaces (“APIs”) usable to cause execution of program code on a remote or third party system. Specifically, systems and methods are disclosed which facilitate the handling of user requests to perform certain tasks on remote or third party systems. The endpoint management system allows the application developer to define and specify a first proxy API which maps to a second “backend” API associated with the remote or third party system. Remote or third party systems may include for example a system on a local network, a system on an open or publicly accessible network, a system which hosts one or more services such as a virtual compute environment, and so forth. Requests to execute the proxy API are received from user computing systems by the endpoint management system, which determines the API mapping based on the user-provided specification of various configuration options. The endpoint management system in turn generates and sends one or more backend API requests to execute program codes by the associated remote or backend systems. Responses from the remote or backend systems are received by the endpoint management system which can then analyze, parse, and/or transform the results associated with the response and generate an output result for response back to the user computing systems.

Thus, in embodiments described herein, a developer can describe an exposed API (e.g., a proxy API) and define logic and one or more endpoints (e.g., a backend API). For example, a cloud based “proxy” API may be called by a client device to the endpoint management system, where the endpoint management system knows which endpoints to select for the proxy API. The endpoints can be heterogeneous (e.g., web services, Internet of Things (“IoT”) devices, other cloud-based service provider functions, datacenter functionality, and so on), and can also include other APIs. For example, a Representational State Transfer (“REST”) API may be exposed which maps to a legacy SOAP-based API. In some embodiments a proxy fleet may be implemented as part of the endpoint management system to improve performance, efficiency, and scalability. Additional features described herein include the ability to chain or link multiple functionality or backend API calls (dependent or independent) based on a single proxy API call; additional security mechanisms for users of the endpoint management system to manage exposure of backend APIs and services; dynamic and intelligent caching of results returned from backend systems to improve efficiency and relieve remote and backend systems from performing repeat tasks which may yield results usable by multiple proxy APIs; performance management to protect remote and/or backend systems from being overloaded by a high volume of API requests, including user-configurable settings to throttle incoming requests (e.g., limit servicing of requests to a certain number in a given time period) and metering of received requests.

The endpoint management system may enable configuration of a proxy interface in a variety of protocol formats, including but not limited to Hypertext Transfer Protocol (HTTP), HTTP Secure (“HTTPS”), HTTP2, a REST API, a remote procedure call (“RPC”), a binary API, WebSockets, Message Queue Telemetry Transport (“MQTT”), Constrained Application Protocol (“CoAP”), Java Message Service (“JMS”), Advanced Message Queuing Protocol (“AMQP”), Simple (or Streaming) Text Oriented Message Protocol (“STOMP”), Electronic data interchange (“EDI”), Simple Mail Transfer Protocol (“SMTP”), Internet Message Access Protocol (“IMAP”), Post Office Protocol (“POP”), File Transfer Protocol (“FTP”), Open Database Connectivity (“ODBC”), Thrift, Protocol Buffers, Avro, Cap'n Proto, FlatBuffers, and other types of protocols. Some of these protocols describe a network and data format, and some may act as a container for other formats. Other data formats not implicit to the above listed protocols may include, for example: JavaScript Object Notation (“JSON”), Extensible Markup Language (“XML”), Simple Object Access protocol (“SOAP”), Hypertext markup language (“HTML”), comma separated values (“CSV”), tab separated values (“TSV”), INT file, YAML Ain't Markup Language (“YAML”), Binary JSON (“BSON”), MessagePack, Sereal, and Bencode. Any of the protocols and data formats may be used for either endpoint of an API proxy mapping in any combination. For example, a REST API may be mapped to a binary API; a HTTP API may be mapped to a remote procedure call; a first binary API may be mapped to a second binary API; and so on.

Specific embodiments and example applications of the present disclosure will now be described with reference to the drawings. These embodiments and example applications are intended to illustrate, and not limit, the present disclosure.

With reference to FIG. 1, a block diagram illustrating an embodiment of a computing environment 100 will be described. The example shown in FIG. 1 includes a computing environment 100 in which users of user computing devices 102 may access a variety of services provided by an endpoint management system 106, an endpoint proxy system 132, and backend systems 114 via a network 104A and/or a network 104B.

In the example of FIG. 1, various example user computing devices 102 are shown, including a desktop computer, laptop, a mobile phone, and a tablet. In general, the user computing devices 102 can be a wide variety of computing devices including personal computing devices, laptop computing devices, hand-held computing devices, terminal computing devices, mobile devices (e.g., mobile phones, smartphones, tablet computing devices, electronic book readers, etc.), wireless devices, various electronic devices and appliances, and the like. In addition, the user computing devices 102 may include web services running on the same or different data centers, where, for example, different web services may programmatically communicate with each other to perform one or more techniques described herein. Further, the user computing devices 102 may include Internet of Things (IoT) devices such as Internet appliances and connected devices. Other components of the computing environment 100 (e.g., endpoint management system 106) may provide the user computing devices 102 with one or more user interfaces, command-line interfaces (CLI), application programming interfaces (API), and/or other programmatic interfaces for utilizing one or more services offered by the respective components. Such services may include generating and uploading user codes, invoking the user codes (e.g., submitting a request to execute the user codes (e.g., via the endpoint proxy system 132), configuring one or more APIs (e.g., via the endpoint management system 106), caching results of execution of user codes and APIs, and/or monitoring API call usage for security, performance, metering, and other factors. Although one or more embodiments may be described herein as using a user interface, it should be appreciated that such embodiments may, additionally or alternatively, use any CLIs, APIs, or other programmatic interfaces.

The user computing devices 102 access endpoint proxy system 132 and/or the endpoint management system 106 over the network 104A. The endpoint proxy system 132 may comprise one or more servers or systems (e.g., a proxy fleet) which may be configured to manage execution of endpoint or backend APIs (e.g., as executed on the backend systems 114). The endpoint proxy system 132 may access other components of the computing environment 100, such as the backend systems 114 and an endpoint results cache 130 over the network 104B. The networks 104A and/or 104B may be any wired network, wireless network, or combination thereof. In addition, the networks 104A and/or 104B may be a personal area network, local area network, wide area network, over-the-air broadcast network (e.g., for radio or television), cable network, satellite network, cellular telephone network, or combination thereof. For example, the network 104A may be a publicly accessible network of linked networks, possibly operated by various distinct parties, such as the Internet. In some embodiments, the network 104B may be a private or semi-private network, such as a corporate or university intranet, or a publicly accessible network such as the Internet. In one embodiment, the network 104B may be co-located or located in close proximity to the endpoint proxy system 132, such that communication over the network 104B between the endpoint proxy system 132 and backend system(s) 114 may benefit from increased performance (e.g., faster and/or more efficient communication). The networks 104A and/or 104B may include one or more wireless networks, such as a Global System for Mobile Communications (GSM) network, a Code Division Multiple Access (CDMA) network, a Long Term Evolution (LTE) network, or any other type of wireless network. The network 104A and/or 104B can use protocols and components for communicating via the Internet or any of the other aforementioned types of networks. For example, the protocols used by the network 104A and/or 104B may include Hypertext Transfer Protocol (HTTP), HTTP Secure (HTTPS), Message Queue Telemetry Transport (MQTT), Constrained Application Protocol (CoAP), and the like. Protocols and components for communicating via the Internet or any of the other aforementioned types of communication networks are well known to those skilled in the art and, thus, are not described in more detail herein.

The computing environment 100 is depicted in FIG. 1 as operating in a distributed computing environment including several computer systems that are interconnected using one or more computer networks. The endpoint management system 106 and/or the endpoint proxy system 132 could also operate within a computing environment having a fewer or greater number of devices than are illustrated in FIG. 1. Thus, the depiction of the computing environment 100 in FIG. 1 should be taken as illustrative and not limiting to the present disclosure. For example, the computing environment 100 or various constituents thereof could implement various Web services components, hosted or “cloud” computing environments, and/or peer-to-peer network configurations to implement at least a portion of the processes described herein.

Further, the various components of the computing environment 100 may be implemented in hardware and/or software and may, for instance, include one or more physical or virtual servers implemented on physical computer hardware configured to execute computer executable instructions for performing various features that will be described herein. The one or more servers may be geographically dispersed or geographically co-located, for instance, in one or more data centers.

As illustrated in FIG. 1, the endpoint proxy system 132 includes a response handler 108, a cache manager 120, and a performance unit 124. The response handler 108 may be configured to, for example, receive requests from calling systems (including, for example, user devices 102) to execute proxy APIs which correspond to one or more APIs to be called or invoked on one or more backend system(s) 114. The response handler 108 may be in communication with and access an endpoint/API mapping definitions data source 128 to look up API mapping definition for a received request. The response handler 108 can, based at least in part on the API mapping definition, determine a backend API (or APIs) and backend system(s) to be used to service the request. The response handler 108 may also be configured to parse and/or analyze the request and any associated input parameters provided with the request, and determine based on the API mapping definition any appropriate data transformations and mappings of the associated input parameters to input parameters for the backend API. In some embodiments the response handler 108 may check with the cache manager 120 to determine whether a cached result for the proxy API request is available, as will be described in more detail below. The response handler 108 may then send the transformed API request to the appropriate backend system(s) 114 and in turn receive a result back in response. The response handler 108 may in turn parse and/or transform the result into an output result for response to the original calling system, and provide the output result. The result may be parsed and/or transformed based in part on the API mapping definition. The result may also be provided to the cache manager 120 for further handling as described herein.

The cache manager 120 may be configured to manage results received from backend system(s) 114 in association with backend API requests in a number of ways. The cache manager 120 may be in communication with an endpoint results cache 130, where results received from backend system(s) 114 in association with backend API requests may be stored and accessed for future API proxy requests. Cached results may include both original backend API result from a backend system(s) 114, as well as a transformed or output result after the original backend API result is processed by the response handler 108.

The caching of results may be performed based at least in part on the API mapping definition. For example, the API mapping definition may include a user-provided configuration setting to specify whether results from a backend API should be cached and, if so, for how long. Thus a developer may indicate that results from a particular backend API may be cached for a period of time (e.g., seconds, minutes, hours, days, weeks, months, years, or any other amount of time). As described above with reference to the response handler 108, when a proxy API request is received and processed, the cache manager 120 may perform a cache check to determine whether cached results are available, valid, and/or otherwise unexpired (e.g., past the cache duration). If cached results are available, the cache manager 120 may access and retrieve them from the endpoint results cache 130 and provide them to the response handler 108.

As referenced above, the cache manager 120 may cache results from backend API calls in a number of ways. For example, in certain embodiments, if a first API call is received multiple times by the endpoint proxy system 132 and a cached result for a first backend API is available, then a copy of the cached result may be provided without the need to send the associated first backend API request to the respective backend system 114 again or multiple times with the cache duration period of time. In another embodiment, a second proxy API call may be received by the endpoint proxy system 132 which maps to the same backend API as the first proxy API call, in which case the response handler 108 and/or cache manager 120 may determine that the same cached result may be provided without the need to send the associated backend API request to the respective backend system 114. In yet another example, the second proxy API call may map to a second backend API which nevertheless returns the same result, or a portion of the same result, as the first backend API. In such a scenario the same cached result (or the relevant portion thereof) may be provided without the need to send the associated second backend API request to the respective backend system 114.

As an illustrative example of the flexible and dynamic caching feature described above, consider a first backend API which provides a result comprising a set of records including a name, a telephone number, and a mailing address for respective individuals; and a second backend API which provides a result comprising a mailing address for a particular individual. If a first proxy API call is received and processed to perform the first backend API, then the set of records may be cached by the cache manager 120. Subsequently, if the first proxy API call is received again, then the cached set of records may be accessed instead of issuing a request to the backend system(s) 114. In addition, if a second proxy API call is received corresponding to the second backend API requesting a mailing address for a particular individual, then the cached set of records may also be accessed to provide an output result to the calling system instead of issuing a request to the backend system(s) 114 to execute the second proxy API call. Thus, it may be possible to pre-emptively cache results for a backend API call without the need to call that backend API, for example if the cached results are cumulative of overlapping with another backend API call.

The performance unit 124 may be configured to manage performance related aspects involving backend API requests sent to backend system(s) 114. For example, the API mapping definition may include a user-provided configuration setting to specify a limit or frequency for how often a backend API may be called. This feature may be of benefit when a backend system 114 may be a legacy system or one that is outdated, under-performing or less efficient, or over-burdened with servicing backend API requests. Thus for example a user can specify that a certain backend API may be called only a certain number of times over a certain length of time (e.g., 100 times per minute, 10 times per hour, or any other frequency); or a certain number of times over a certain time period (e.g., to throttle requests received during peak service hours).

Another performance configuration option that may be provided and utilized in association with the performance unit 124 is a setting to specify whether a metering identifier is required or to be used to track or monitor calling systems' use of the backend APIs. Such metering information may be of benefit to enable visibility into which proxy API and/or backend APIs are called, how often, and by which calling system.

As illustrated in FIG. 1, the endpoint management system 106 includes a manager user console 132, a security manager 122, and a Software Developer Kit (“SDK”) generation service 126. The manager user console 132 may provide one or more user interfaces by which users, such as system administrators and/or developers, can manage, for example, API proxy settings including API mapping definitions, caching options, performance options, and security options. One example endpoint management user interface which may be generated and provided by the manager user console 132 is example user interface 300 illustrated and described herein with reference to FIG. 3. Users may access the manager user console 132 and related user interfaces over the network 104A (e.g., when the network 104A is configured as a public network) or over the network 104B (e.g., when the network 104B is configured as a private network), for example using a user computing device 102. For example, the manager user console 132 may provide a web, mobile, standalone, or other application which may be accessed or installed on a user computing device 102 and configured to communicate with the endpoint management system 106. API mapping definitions created and revised by users via the endpoint management system 106 may be stored in the endpoint/API mapping definitions data source 128. The endpoint management system 106 may be configured to publish, push, or otherwise transmit various of the API mapping definitions to the endpoint proxy system 132, which may use the API definitions for various response handling and related procedures described herein.

The security manager 122 may be configured to manage security and access to backend system(s) 114 and backend APIs. For example, the API mapping definition may include a user-provided configuration setting to specify whether only certain user(s) or group(s) may be allowed to call the backend API. A proxy API request may include an indicator (or security token) associated with a requesting user or group and, based on the API mapping definition, the security manager 122 may determine whether the request should be allowed or denied. If the calling system (e.g., a user computing device 102) provides an indicator or security token that maps to a user or group that is allowed to call the backend API, then the security manager 122 may indicate to the response handler 108 that processing of the request can proceed. If the calling system fails to provide an indicator or security token, or provides an indicator or security token that does not map to a user or group that is allowed to call the backend API, then the security manager 122 may indicate to the response handler 108 that processing of the request should stop (in which case a return indicator may optionally be provided by the endpoint proxy system 132 to indicate that the request was denied due to lack of authorization). In this way, for example, a developer may safeguard or limit access to certain backend APIs.

The endpoint management system 106 may also include an SDK generation service 126 to enable users to generate an SDK based on one or more API mapping definitions. This feature may be of particular benefit to users of the endpoint management system 106 who have invested considerable time and effort in mapping a suite of legacy backend APIs to a new set of proxy APIs. An SDK may be generated based on the API mapping definitions and provided to other users (such as system developers who wish to interface with or use a backend system 114 using more modern API protocols) to facilitate development of other applications and services which utilize the backend system(s) 114 via the suite of proxy APIs.

An example configuration which may be used to implement the various subsystems and units of the endpoint management system 106 and/or endpoint proxy system 132 is described in greater detail below with reference to FIG. 2.

As shown in FIG. 1, the endpoint management system 106 communicates with the endpoint proxy fleet 123A . . . N. For example, a first proxy server may be configured to manage execution of a first proxy API; a second proxy server may be configured to manage execution of a second proxy API; and an nth proxy server may be configured to manage execution of an nth proxy API. Or, one proxy server may be configured to manage execution of multiple proxy APIs which may be related or grouped together, for example based in part on similarity of backend APIs, cumulative or overlapping results obtained from backend system(s) 114 for associated backend APIs, and so on. Each proxy server in the fleet of proxy servers may be configured for performance or efficiency with respect to particular tasks or backend systems. For example, a proxy server may be configured for efficient performance and execution of proxy APIs which involve database queries, while another proxy server may be configured for efficient performance and execution of proxy APIs which involve significant data transformation of backend API results to output results.

In the example of FIG. 1, the endpoint proxy system 132 is illustrated as being connected to the network 104A and the network 104B. In some embodiments, any of the components within the endpoint proxy system 132 can communicate with other components (e.g., the user computing devices 102 and backend system(s) 114) of the computing environment 100 via the network 104A and/or network 104B. In other embodiments, not all components of the endpoint proxy system 132 are capable of communicating with other components of the computing environment 100. In one example, only the response handler 108 may be connected to the network 104A, and other components of the endpoint proxy system 132 may communicate with other components of the computing environment 100 via the response handler 108.

In the example of FIG. 1, the endpoint management system 106 is illustrated as being connected to the network 104A. In some embodiments, any of the components within the endpoint management system 106 can communicate with other components (e.g., the user computing devices 102 and backend system(s) 114) of the computing environment 100 via the network 104A and/or network 104B. In other embodiments, not all components of the endpoint management system 106 are capable of communicating with other components of the computing environment 100. In one example, only the manager user console 132 may be connected to the network 104A, and other components of the endpoint management system 106 may communicate with other components of the computing environment 100 via the manager user console 132.

The backend system(s) 114 may include legacy systems that have protocols that are not compatible with those of the user computing devices 102 or otherwise not easily accessible by the user computing devices 102. The backend system(s) 114 may also include devices that have device-specific protocols (e.g., IoT devices).

In some embodiments, the endpoint proxy system 132 provides to the user computing devices 102 a more convenient access to the backend system(s) 114 or other systems or devices. In some of such embodiments, the endpoint proxy system 132 may communicate with an IoT device with device-specific protocols. For example, the IoT device may have a temperature sensor, and the user can request temperature information from the IoT device. In another example, the IoT device may be a thermostat and the user may be able to cause it to set the temperature to a given temperature. Depending on what the device is, it can have different capabilities. All those capabilities may be managed by some type of API (e.g., backend API) that would exist for manipulating the capability. The endpoint proxy system 132 may perform the necessary protocol translation and/or data manipulation to allow users to seamlessly communicate with such IoT devices without having to worry about device-specific protocols or requirements. For example, the endpoint proxy system 132 may query the IoT devices for data or send commands to the IoT devices. The responses received from those IoT devices may be used to shape the response back to the caller based on the requirements of the caller.

FIG. 2 depicts a general architecture of a computing device 106A that which may be implemented to enable various features of the various subsystems and units of the endpoint management system, including but not limited to the response handler 108, the cache manager 120, the security manager 122, the performance unit 124, and the SDK generation service 126. The general architecture of the computing device 106A depicted in FIG. 2 includes an arrangement of computer hardware and software modules that may be used to implement aspects of the present disclosure. The computing device 106A may include many more (or fewer) elements than those shown in FIG. 2. It is not necessary, however, that all of these generally conventional elements be shown in order to provide an enabling disclosure. As illustrated, the computing device 106A includes a processing unit 190, a network interface 192, a computer readable medium drive 194, an input/output device interface 196, all of which may communicate with one another by way of a communication bus. The network interface 192 may provide connectivity to one or more networks or computing systems. The processing unit 190 may thus receive information and instructions from other computing systems or services via the network 104A or 104B. The processing unit 190 may also communicate to and from the memory 180 and further provide output information for an optional display (not shown) via the input/output device interface 196. The input/output device interface 196 may also accept input from an optional input device (not shown).

The memory 180 may contain computer program instructions (grouped as modules in some embodiments) that the processing unit 190 executes in order to implement one or more aspects of the present disclosure. The memory 180 generally includes RAM, ROM and/or other persistent, auxiliary or non-transitory computer-readable media. The memory 180 may store an operating system 184 that provides computer program instructions for use by the processing unit 190 in the general administration and operation of the response handler 108. The memory 180 may further include computer program instructions and other information for implementing aspects of the present disclosure. For example, in one embodiment, the memory 180 includes a user interface unit 182 that generates user interfaces (and/or instructions therefor) for display upon a computing device, e.g., via a navigation and/or browsing interface such as a browser or application installed on the computing device. For example, the user interface unit 182 may generate one or more endpoint management configuration user interfaces such as the example user interface 300 illustrated and described herein with reference to FIG. 3. Although the example of FIG. 2 is described in the context of user interfaces, it should be appreciated that one or more embodiments described herein may be implemented using, additionally or alternatively, any CLIs, APIs, or other programmatic interfaces. In addition, the memory 180 may include and/or communicate with one or more data repositories (not shown), for example, to access program codes, pattern matching definitions, and/or libraries.

In addition to and/or in combination with the user interface unit 182, the memory 180 additional units 186A . . . N that may be executed by the processing unit 190 to provide the various features associated with particular instances of the subsystems and units of the endpoint management system 106 and/or endpoint proxy fleet 132. For example, the response handler 108 may include a response parsing unit that may be executed to parse responses or results received from backend system(s) 114. The cache manager 120 may include a caching unit that may be executed to determine whether to cache results received from backend system(s) 114, and whether cached results should be used to respond to certain proxy API requests. The security manager 122 may include an authorization unit that may be executed to determine whether a proxy API request has proper security identification and should be allowed to proceed. The performance unit 124 may include a throttle unit that may be executed to determine whether a proxy API request should be allowed to proceed under current demand conditions. The SDK generation service 126 may include an API mapping analysis unit that may be executed to aggregate a set of API mapping definitions into a unified SDK library.

In various embodiments, all or a portion of the additional units 186A . . . N may be implemented by other components of the endpoint management system 106, the endpoint proxy system 132, and/or another computing device. For example, in certain embodiments of the present disclosure, another computing device in communication with the endpoint management system 106 and/or the endpoint proxy system 132 may include several modules or components that operate similarly to the modules and components illustrated as part of the computing device 106A.

Turning now to FIG. 3, an example user interface 300 which provides users with various endpoint management configuration options in association with the endpoint management system 106 will be described. In various embodiments, the user interface 300 shown in FIG. 3 may be presented as a web page, as a mobile application display, as a stand-alone application display, as a popup window or dialog box, as an email message, or by other communication means. In other embodiments, analogous interfaces may be presented using audio or other forms of communication. In an embodiment, the interfaces shown in FIG. 3 is configured to be interactive and respond to various user interactions. Such user interactions may include clicks with a mouse, typing with a keyboard, touches and/or gestures on a touch screen, voice commands, and/or the like. The display elements shown in user interface 300 are merely for example purposes; more or less display elements and user input fields may be presented depending on the embodiment.

As shown, example user interface 300 includes a number of display elements (e.g., descriptions of various API mapping configuration option) and user input fields (e.g., text boxes, check or radio boxes, and so forth). At display element 302 the user interface presents a number of Endpoint API Options, including for example: a system access/connection setting (display element 304) and an associated text input field by which the user may specify a system or connection setting for the backend API; a function name (display element 306) and an associated text input field by which the user may specify the name of the backend API; input parameters (display element 308) and an associated text input field by which the user may specify one or more input parameters for the backend API; and output result parameters (display element 308) and an associated text input field by which the user may specify the type of output(s) provided by backend API.

At display element 312 the user interface presents a number of Proxy API Options, including for example: a function name (display element 314) and an associated text input field by which the user may specify the name of the proxy API; input parameters (display element 316) and an associated text input field by which the user may specify one or more input parameters for the proxy API; and output parameters (display element 318) and an associated text input field by which the user may specify the type of output(s) provided by proxy API.

At display element 322 the user interface presents a number of Cache Options, including for example: a cache results setting (display element 324) and an associated radio box selection user input field by which the user may specify whether output results should be cached by the endpoint management system; and a cache duration (display element 326) and an associated text input field by which the user may specify a duration for how long the cached results should remain valid.

At display element 328 the user interface presents a number of Security and User Access Options, including for example: a limit access setting (display element 330) and an associated text box user input field by which the user may specify users and/or groups permitted to call the proxy and/or associated backend API(s); and a metering identification requirement setting (display element 332) and an associated radio box selection field by which the user may specify whether a metering identifier requirement should be enforced or required for execution of the proxy API.

At display element 334 the user interface presents a number of Performance Options, including for example: an API call service limit setting (display element 336) and an associated text box user input field by which the user may specify a maximum number of backend API requests over a certain amount of time.

At display element 338, the user interface presents a save button to Save the API mapping definition and settings, which when selected by the user may cause the endpoint management system to save the API mapping definition in the endpoint/API mapping definitions data source 128. Display element 340 presents a Cancel button to cancel or end the current configuration without saving the API mapping or settings.

Another feature not illustrated in FIG. 3 which may be provided by the endpoint management system 106 may be an indicator that changes to an API mapping definition may result in a breaking change of the API mapping. For example, a change to the name, the input parameters, and/or the output parameters of the proxy API may comprise a breaking change, such that a calling system using the proxy API before the breaking change may no longer be able to use the proxy API without updating to the changed proxy API definition. For example, if the name of the proxy API is changed then a calling system will no longer be able to call the proxy API using the old name; or, if the number of required input parameters (and/or associated attributes) changes, then a calling system may not be able to call the proxy API using fewer inputs than are now required; and so on. In various instances the endpoint management system 106 may be configured to detect when a breaking change to an API proxy definition may occur and provide a warning or indicator to the user. The indicator may optionally include suggestions on how to address the breaking change (e.g., creating a new proxy API instead of changing an existing API; making new or modified input and/or output parameters optional; leaving existing attribute names or identifiers the same and only adding new attribute names or identifiers; and similar types of actions to maintain or preserve an existing API proxy mapping definition).

Turning now to FIG. 4A, a routine 400A implemented by one or more components of the endpoint management system 106 and/or the endpoint proxy system 132 (e.g., the response handler 108, the cache manager 120, the security manager 122, the performance unit 124, and/or the SDK generation service 126) will be described. Although routine 400A is described with regard to implementation by the endpoint management system 106, one skilled in the relevant art will appreciate that alternative components may implement routine 400A or that one or more of the blocks may be implemented by a different component or in a distributed manner.

At block 402 of the illustrative routine 400A, the endpoint management system 106 receives an API mapping definition for interfacing with a backend or endpoint API and associated backend system. The API mapping definition may be received for example via the user interface 300 illustrated and described herein with reference to FIG. 3. The API mapping definition may be stored for example in the endpoint/API mapping definitions data source 128. The API mapping definition may include a number of configuration options as described throughout this disclosure.

Next, at block 404, the endpoint proxy system 132 receives a request from a calling system to execute program code via an API proxy. The request may be received, for example, from a user computing device 102.

At block 406, the endpoint proxy system 132 determines an API mapping definition based on the received request. The determination may be based, for example, on various factors associated with the received request, including the name of the proxy API, input parameters associated with the proxy API, the calling system or requesting entity, any security or identification information provided with the request (such as an identification token, a metering identifier, or other identifier), and so forth.

At block 408, the endpoint proxy system 132 optionally performs some preprocessing associated with the API mapping definition. For example, in one embodiment the response handler 108 may determine whether the proxy API request has proper security identification and should be allowed to proceed. Or, in the same or another embodiment, the response handler 108 may interact with the cache manager 120 to determine whether a cached result is available and/or should be used to respond to the proxy API request. Or, in the same or another embodiment, the response handler 108 may interact with the performance unit 124 to determine whether the proxy API request should be allowed to proceed under current demand conditions. For example, in response to determining that a certain limit to the number of API requests to allow (as indicated in the API mapping definition) has been exceeded, the performance unit 124 may deny the proxy API request.

At block 410, the endpoint proxy system 132 transforms the API proxy request for processing by a backend system via a backend API as specified in the API mapping definition. For example, the API mapping definition may specify that one or more input parameters associated with the proxy API request are to be mapped, parsed, and/or transformed into one or more input parameters for the backend or endpoint API request. The endpoint proxy system 132 may also determine from the API mapping definition a particular backend system to which the backend API request is to be sent. Once this is complete, the routine 400A can proceed to block 412 of FIG. 4B.

Turning now to FIG. 4B, the routine 400A continues with illustrative routine 400B. At block 412 of routine 400B, the endpoint proxy system 132 sends, to the particular backend system 114, a request to execute program code via the backend API. In some embodiments, the endpoint proxy system 132 may send multiple backend API requests associated with the proxy API request, which may be specified in the API mapping definition. The multiple backend API requests may be sent serially or in parallel depending on the particular configuration in the API mapping definition. For example, one API mapping definition may specify a workflow, wherein a single proxy API request corresponds to and involves multiple backend API requests, some of which may be independent (e.g., can be executed in parallel) and some of which may be dependent (e.g., execution of a second backend API may depend on the outcome results received from the execution of a first backend API, a scenario in which serial processing of the first backend API followed by execution of the second backend API may be necessary).

At block 414, the endpoint proxy system 132 receives results of the backend API request (e.g., from execution of the program code) from the particular backend system 114.

Next, at block 416, the endpoint proxy system 132 transforms the received results based at least in part on the API mapping definition. For example, the API mapping definition may specify that one or more result parameters associated with the backend API request are to be mapped, parsed, and/or transformed into one or more output result parameters for the proxy API request. For example, a result received from the backend system 114 may be in one format (e.g., an XML document) which is to be transformed into another format (e.g., a JSON object) according to the API mapping definition.

At block 418, the endpoint proxy system 132 optionally caches the received results and/or the transformed results. For example, the API mapping definition may include a user-specified configuration option indicating whether the received results and/or the transformed results (or both) should be cached, and if so, for how long. The results can be cached, for example, in the endpoint results cache 130, as discussed above.

At block 420, the endpoint proxy system 132 provides the transformed results to the calling system (e.g., a user computing device 102) in response to the received proxy API request. In some embodiments, the endpoint proxy system 132 may continue sending additional backend API requests associated with the proxy API request, which may be specified in the API mapping definition.

While the routine 400A-400B of FIGS. 4A-4B has been described above with reference to blocks 402-410 and 412-420, the embodiments described herein are not limited as such, and one or more blocks may be omitted, modified, or switched without departing from the spirit of the present disclosure.

FIG. 5 is a block diagram illustrating an embodiment of a networked computing environment 500 including one or more client computing devices (“clients”) 102 in communication with a service provider computer network 501 through a communication networks 104A and/or 104B. The networked computing environment 500 may include different components, a greater or fewer number of components, and can be structured differently. For example, there can be more than one service provider computer networks 501 so that hosting services or data storage services can be implemented across the multiple service provider computer networks 501 based, for example, on established protocols or agreements. As another example, the service provider computer network 501 may include more or fewer components and some components may communicate with one another through the communication networks 104A and/or 104B.

Illustratively, the client 102 can be utilized by a customer of the service provider computer network 501. In an illustrative embodiment, the client 102 includes necessary hardware and software components for establishing communications with various components of the service provider computer network 501 over the communication networks 104A and/or 104B, such as a wide area network or local area network. For example, the client 102 may be equipped with networking equipment and browser software applications that facilitate communications via the Internet or an intranet. The client 102 may have varied local computing resources such as central processing units and architectures, memory, mass storage, graphics processing units, communication network availability and bandwidth, etc. In one embodiment, the client 102 may have access to or control over a virtual machine instance hosted by the service provider computer network 501. The client 102 may also have access to data storage resources provided by the service provider computer network 501.

With continued reference to FIG. 5, according to one illustrative embodiment, the service provider computer network 501 may include interconnected components such as the endpoint management system 106, endpoint proxy system 132, one or more host computing devices 510, a storage management service 503, and one or more storage systems 507, having a logical association of one or more data centers associated with one or more service providers. The endpoint management system 106 may be implemented by one or more computing devices. For example, the endpoint management system 106 may be implemented by computing devices that include one or more processors to execute one or more instructions, memory, and communication devices to communicate with one or more clients 102 or other components of the service provider computer network 501. In some embodiments, the endpoint management system 106 is implemented on one or more servers capable of communicating over a network. In other embodiments, the endpoint management system 106 is implemented by one or more virtual machines in a hosted computing environment. Illustratively, the endpoint management system 106 can proxy API management and configuration and other relevant functionalities disclosed herein.

The endpoint proxy system 132 may also be implemented by one or more computing devices. In some embodiments, the endpoint proxy system 132 is implemented on one or more computing devices capable of communicating over a network. In other embodiments, the endpoint proxy system 132 is implemented by one or more virtual machines instances in a hosted computing environment. The endpoint proxy system 132 may receive and respond to electronic requests to execute proxy APIs and communicate with backend systems 114 as described herein.

Each host computing device 510 may be a physical computing device hosting one or more virtual machine instances 514. The host computing device 510 may host a virtual machine instance 114 by executing a software virtual machine manager 122, such as a hypervisor, that manages the virtual machine instance 114. The virtual machine instance 114 may execute an instance of an operating system and application software.

In some embodiments, host computing devices 510 may be associated with private network addresses, such as IP addresses, within the service provider computer network 501 such that they may not be directly accessible by clients 102. The virtual machine instances, as facilitated by the virtual machine manager 122 and endpoint management system 106, may be associated with public network addresses that may be made available by a gateway at the edge of the service provider computer network 501. Accordingly, the virtual machine instances 514 may be directly addressable by a client 102 via the public network addresses. One skilled in the relevant art will appreciate that each host computing device 510 would include other physical computing device resources and software to execute multiple virtual machine instances or to dynamically instantiate virtual machine instances. Such instantiations can be based on a specific request, such as a request from a client 102.

The storage management service 503 can be associated with one or more storage systems 507. The storage systems 507 may be servers used for storing data generated or utilized by virtual machine instances or otherwise provided by clients. Illustratively, the storage management service 503 can logically organize and maintain data in data storage volumes. For example, the storage management service 503 may perform or facilitate storage space allocation, input/output operations, metadata management, or other functionalities with respect to volumes.

In some embodiments, a volume may be distributed across multiple storage systems, may be replicated for performance purposes on storage systems in different network areas. The storage systems may be attached to different power sources or cooling systems, may be located in different rooms of a datacenter or in different datacenters, or may be attached to different routers or network switches.

In an illustrative embodiment, host computing devices 510 or storage systems 507 are considered to be logically grouped, regardless of whether the components, or portions of the components, are physically separate. For example, a service provider computer network 501 may maintain separate locations for providing the host and storage components. Additionally, the host computing devices 510 can be geographically distributed in a manner to best serve various demographics of its users. One skilled in the relevant art will appreciate that the service provider computer network 501 can be associated with various additional computing resources, such additional computing devices for administration of content and resources, and the like.

It will be appreciated by those skilled in the art and others that all of the functions described in this disclosure may be embodied in software executed by one or more physical processors of the disclosed components and mobile communication devices. The software may be persistently stored in any type of non-volatile storage.

Conditional language, such as, among others, “can,” “could,” “might,” or “may,” unless specifically stated otherwise, or otherwise understood within the context as used, is generally intended to convey that certain embodiments include, while other embodiments do not include, certain features, elements and/or steps. Thus, such conditional language is not generally intended to imply that features, elements and/or steps are in any way required for one or more embodiments or that one or more embodiments necessarily include logic for deciding, with or without user input or prompting, whether these features, elements and/or steps are included or are to be performed in any particular embodiment.

Any process descriptions, elements, or blocks in the flow diagrams described herein and/or depicted in the attached figures should be understood as potentially representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps in the process. Alternate implementations are included within the scope of the embodiments described herein in which elements or functions may be deleted, executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those skilled in the art. It will further be appreciated that the data and/or components described above may be stored on a computer-readable medium and loaded into memory of the computing device using a drive mechanism associated with a computer readable storage medium storing the computer executable components such as a CD-ROM, DVD-ROM, or network interface. Further, the component and/or data can be included in a single device or distributed in any manner. Accordingly, general purpose computing devices may be configured to implement the processes, algorithms, and methodology of the present disclosure with the processing and/or execution of the various data and/or components described above.

It should be emphasized that many variations and modifications may be made to the above-described embodiments, the elements of which are to be understood as being among other acceptable examples. All such modifications and variations are intended to be included herein within the scope of this disclosure and protected by the following claims. 

What is claimed is:
 1. A system for providing endpoint management of application programming interfaces, the system comprising: an electronic data store configured to store application programming interface (“API”) mapping definitions that map a plurality of proxy APIs associated with an endpoint system to a plurality of endpoint APIs associated with an endpoint API system in communication with the endpoint system; and the endpoint system comprising one or more hardware computing devices executing specific computer-executable instructions, wherein the endpoint system is in communication with the electronic data store, and configured to at least: receive the API mapping definitions, wherein each respective API mapping definition associates a proxy API with at least one endpoint API; receive a request from a calling system to execute a particular proxy API; determine, based at least in part on the received request and the particular proxy API, an API mapping definition associated with the particular proxy API and an endpoint API corresponding to the particular proxy API; transform the request into an endpoint request for processing by the endpoint API system, wherein the request is transformed based at least in part on the API mapping definition and wherein the endpoint request includes an instruction to execute the endpoint API on the endpoint API system; transmit the endpoint request to the endpoint API system to cause execution of the endpoint API on the endpoint API system; receive an endpoint result from the endpoint API system, wherein the endpoint result is generated from the execution of the endpoint API on the endpoint API system; transform the endpoint result into a proxy result, wherein the endpoint result is transformed based at least in part on the API mapping definition; and provide a return response to the calling system, wherein the return response comprises at least the proxy result.
 2. The system of claim 1, wherein the endpoint system is further configured to store a copy of the endpoint result in a second electronic data store configured to store cached results received from respective endpoint API systems.
 3. The system of claim 1, wherein the endpoint system is further configured to access a cached copy of the endpoint result from a second electronic data store configured to store cached results received from respective endpoint API systems.
 4. A system, comprising: an endpoint proxy system comprising one or more hardware computing devices adapted to execute specific computer-executable instructions and in communication with an electronic data store configured to store application programming interface (“API”) mapping definitions that map a plurality of proxy APIs associated with the endpoint proxy system to a plurality of backend APIs associated with a backend system in communication with the endpoint proxy system, wherein the endpoint proxy system is configured to at least: receive a request from a user computing device to execute a proxy API; determine a specific API mapping definition based at least in part on the received request, the API mapping definitions, and the proxy API; transform the request into a backend request for processing by the backend system, wherein the request is transformed based at least in part on the specific API mapping definition, wherein the backend request includes an instruction to execute a backend API associated with the specific API mapping definition on the backend system; transmit the backend request to the backend system, wherein the backend request is adapted to cause execution of the backend API on the backend system; receive a backend result from the backend system, wherein the endpoint result is generated by execution of the backend API on the backend system; transform the backend result into an output result, wherein the backend result is transformed based at least in part on the specific API mapping definition; and provide the output result to the user computing device.
 5. The system of claim 4, wherein the endpoint proxy system is further configured to store a copy of the backend result in a second electronic data store configured to store cached results received from respective backend systems.
 6. The system of claim 5, wherein the endpoint proxy system is further configured to store the copy of the backend result in the second electronic data store according to a cache duration setting associated with the specific API mapping definition.
 7. The system of claim 4, wherein the endpoint proxy system is further configured to access a cached copy of the backend result from a second electronic data store configured to store cached results received from respective backend systems.
 8. The system of claim 4, wherein the specific API mapping definition comprises at least associated configuration settings for the proxy API and associated configuration settings for the backend API.
 9. The system of claim 8, wherein the associated configuration settings for the proxy API comprises a proxy API name, a proxy API input parameter, and a proxy API output result type.
 10. The system of claim 8, wherein the associated configuration settings for the backend API comprises a backend API name, a backend API input parameter, and a backend API output result type.
 11. The system of claim 4, wherein the request to execute the proxy API is received from the user computing device over a first network and the backend result is received from the backend system over a second network, wherein the second network is separate and distinct from the first network.
 12. The system of claim 11, wherein the endpoint proxy system and the backend system are co-located on the second network.
 13. A computer-implemented method comprising: as implemented by one or more computing devices configured with specific executable instructions, receiving a request from a calling system to execute a first proxy application programming interface (“API”) of a plurality of proxy APIs associated with an endpoint proxy system, wherein the plurality of proxy APIs are mapped, by API mapping definitions, to a plurality of backend APIs associated with a backend system in communication with the endpoint proxy system; determining a first API mapping definition based at least in part on the received request, the API mapping definitions, and the first proxy API; transforming the request into a backend request for processing by the backend system, wherein the request is transformed based at least in part on the first API mapping definition, wherein the backend request includes an instruction to execute a first backend API associated with the first API mapping definition on the backend system; sending the backend request to the backend system, wherein the backend request is adapted to cause execution of the first backend API on the backend system; receiving a first backend result from the backend system, wherein the first backend result is generated by execution of the backend API on the backend system; transforming the first backend result into an output result, wherein the first backend result is transformed based at least in part on the first API mapping definition; and providing the output result to the calling system.
 14. The computer-implemented method of claim 13, further comprising storing a copy of the first backend result in a second electronic data store configured to store cached results received from respective backend systems.
 15. The computer-implemented method of claim 13, further comprising: receiving a second request to execute a second proxy API; and determining, based at least in part on the received second request, the API mapping definitions, and the second proxy API, a second API mapping definition associated with the second proxy API.
 16. The computer-implemented method of claim 15, further comprising: determining, based on the second API mapping definition, that the second proxy API is mapped to the first backend API; and accessing a cached copy of the first backend result from a second electronic data store configured to store cached results received from respective backend systems.
 17. The computer-implemented method of claim 15, further comprising: determining, based on the second API mapping definition, that the second proxy API is mapped to a second backend API, wherein the second backend API is configured to return a second backend result that is a subset of the first backend result generated by execution of the backend API; accessing a cached copy of the first backend result from a second electronic data store configured to store cached results received from respective backend systems; and providing a transformed output result of the cached copy to the calling system.
 18. A computer-readable, non-transitory storage medium storing computer executable instructions that, when executed by one or more computing devices, configure the one or more computing devices to perform operations comprising: receiving a request from a calling system to execute a specific proxy application programming interface (“API”) of a plurality of proxy APIs associated with an endpoint proxy system, wherein the plurality of proxy APIs are mapped, by API mapping definitions, to a plurality of backend APIs associated with a backend system in communication with the endpoint proxy system; determining a specific API mapping definition based at least in part on the received request, the API mapping definitions, and the specific proxy API; transforming the request into a backend request for processing by the backend system, wherein the request is transformed based at least in part on the specific API mapping definition, wherein the backend request includes an instruction to execute a backend API associated with the specific API mapping definition on the backend system; sending the backend request to the backend system, wherein the backend request is adapted to cause execution of the backend API on the backend system; receiving a backend result from the backend system, wherein the backend result is generated by execution of the backend API on the backend system; transforming the backend result into an output result, wherein the backend result is transformed based at least in part on the specific API mapping definition; and providing the output result to the calling system.
 19. The computer-readable, non-transitory storage medium of claim 18, wherein the operations further comprise storing a copy of the backend result in a second electronic data store configured to store cached results received from respective backend systems.
 20. The computer-readable, non-transitory storage medium of claim 18, wherein the operations further comprise determining, based at least in part on an authorization setting associated with the specific API mapping definition, that a user identifier associated with the request to execute the specific proxy API is included in the specific API mapping definition as an authorized user or group.
 21. The computer-readable, non-transitory storage medium of claim 18, wherein the operations further comprise determining that the request to execute the specific proxy API is allowed to proceed based at least in part on comparison of a performance throttling setting associated with the specific API mapping definition to a current API request workload associated with the backend system.
 22. The computer-readable, non-transitory storage medium of claim 18, wherein the specific API mapping definition comprises at least associated configuration settings for the specific proxy API and associated configuration settings for the backend API.
 23. The computer-readable, non-transitory storage medium of claim 18, wherein the specific proxy API is associated with a first protocol and the backend API is associated with a second protocol. 